Hey Stewart, thanks for the socket proxy idea! Will definitely give it a go.
2017-03-10 15:18 GMT+01:00 Stewart Brodie <sbro...@espial.com>: > Maxime Jourdan <raptort...@gmail.com> wrote: > > > Hello, > > > > One of the contained processes on my system exposes its communication > > interface via an abstract socket. This socket is of the AF_UNIX family, > > with the particularity of being accessible via a name rather than a > socket > > file with a path. This socket obeys to the network namespace rules. > > > > Problem is that I need a few other containers to be able to connect to > > this socket. But at the same time, I require containers to have different > > network namespaces... > > > > Sharing regular AF_UNIX sockets was no big deal because I could just > > bind-mount the socket path into the various containers. But these > > abstract, pathless sockets are making it hard to share. > > > > A temporary solution has been to "whitelist" this specific socket name > > inside the kernel directly, right before the namespace equal check, but > > that's an ugly workaround. > > > > Any advice about elegantly sharing asbtract sockets between containers is > > gladly welcome :). > > The main way that I can think of that is non-invasive with respect to the > kernel is to have a proxy process in the "server" container > that also has a filesystem based UNIX domain socket (that you can bind > mount, as usual) that your client can call to obtain a handle to the real > socket. > > Your clients then send a request to the proxy for the socket handle. Your > proxy process can open and connect to the abstract the socket and then > returns the socket handle back to the caller using ancilliary data. > > If you're not familiar with that, effectively, it's a way of doing a > cross-process dup() on a file descriptor. The key search terms you need > are: cmsg sendmsg recvmsg SCM_RIGHTS > > > -- > Stewart Brodie > Senior Software Engineer > Espial UK > _______________________________________________ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
